I am searching now for weeks to find the best way to secure my webserver. I want users to be able to run cgi and php scripts. For the securtity all the scripts have to run under there own names. All the users that may use scripts, have a virtual host.
I tried with suexec. It works perfect, no problem. But at the tot of every php script, you have to add #!/usr/bin/php, witch gives a lot of trouble to users, by example when scripts are run by webserver from outside and the same script is also included (that the line should not exist). I couldn't find with the suexec configuration how to "solve" this. Anybody has an idea.
Next thing i tried was the cgiwrapper. With a patch you can make 2, a cgiwrap and a php-cgiwrap, and then the first line isn't nesesarry anymore. Problem now, He looks after directory names, so all virtualhosts doesn't work, because he can't find the right user.
The question now. What is the best and most secure way to solve this?